Historically most organizations would attempt to standardize on one platform internally for unstructured data and another for structured data. This meant separating off the unstructured data to a singular admin (or team), and the structured off to a different admin (or team) and the business remained divided in that manner. These could take many forms – SharePoint, File Servers, SQL Server, Oracle, OpenText, etc., yet the concept remained the same across all those platforms. With one for each type of data out there, there was a need for a singular tool or script for each platform to assist the admin and the IT department.
People’s needs started to change, so technology started to change.
The business units needed ways to share content with external users – contractors or similar. Previously there could be red tape to federate domains, or generate a login for those users and a VPN connection, or find a way to publicly expose information that created gaps. They needed business processes that would execute automatically as content was created and updated, reducing manual overhead in as many places as possible.
Simultaneously, different platforms started new best practices. SharePoint encouraged people to stop sharing internal files over email, and instead upload them to SharePoint to improve collaboration. OneDrive for Business became integrated into the Office Suite and recommended users send links rather than actual files. The Enterprise File Sync-and-Share (EFSS) platforms began synchronizing content between workstations and the cloud, making that content easily shareable outside the organization rather than just internally. Multiple users could work on the same document and see the changes occur live! This became a new era for collaboration!
When these two combined, a scary concept arose: users began picking their own platforms to collaborate and store data rather than using those that had been vetted, monitored, and controlled by the IT team. Productivity went up, but so did the risk of a data breach! Suddenly organizations had platforms holding sensitive information that very few people knew about. Once they were identified, the damage was generally already done; the user picked that platform for a reason, likely had others using it, and was gaining a benefit they were not getting from the IT-approved systems. Taking it away would risk another platform replacing it, so there was little choice but for IT to integrate and manage it. What had been two or three platforms was now averaging close to five per organization.
Gaining visibility into and control over these new platforms became complex. Assigning singular admins or new teams for platforms that only a fraction of the business used made minimal sense, but so did adding platforms to the responsibilities of a team that knew nothing about them and had no tools to manage them.
STEALTHbits Technologies prides itself on the breadth of coverage across content storage platforms, both structured and unstructured. However, even this massive list of platforms was not enough to cover everyone’s requirements. Users needed not only the most common platforms out there, but also a way to sync up with the least common platforms, and perhaps even a way to include their custom platforms. User access was spread widely across many areas, and the StealthAUDIT Access Information Center (AIC) was the best place to visualize it, if only those new platforms could somehow be included.
Partially due to this challenge STEALTHbits added a new feature to StealthAUDIT 8.2 called Flexible Imports. This allowed any of StealthAUDIT’s multitude of data collectors (PowerShell, ODBC, etc.) to collect information from a non-standard platform and display it in the AIC for permissions and access (and more!) right alongside the out-of-box platforms. With this easy-to-use feature, users could put any platform they wanted into the AIC and gain the visibility and control they wanted!
This feature was so successful that we decided to take it one step further. And the STEALTHbits Access Library was born.
What is the STEALTHbits Access Library?
The STEALTHbits Access Library is a collection of free connectors that easily import into StealthAUDIT 8.2 and later. Each connector has a target platform it engages with, collects the important information from that platform regarding assets and security, and makes that information available in the AIC. While users of StealthAUDIT can add any platform of choice into the AIC and view user permissions and security, STEALTHbits is making it as easy as possible for the most popular platforms – all for free for users with active maintenance and support! STEALTHbits is initially providing connectors for the top ten platforms requested by our users. They are:
- Microsoft Teams
- Salesforce Libraries
- Google Drive
- Hyper-V
- VMware
- MySQL
- PostgreSQL
- Office 365 Tenant Roles
- Azure SQL
- Azure Resource Role Based Access Control (RBAC)
Some of these connectors add value to StealthAUDIT in new and unique ways. Here is a complete description for each of the connectors:
Microsoft Teams
Microsoft Teams is really using SharePoint under the covers for the content storage portion of Teams, and the StealthAUDIT for SharePoint solution already covers security of that content. However, Teams does have a different breakdown regarding security, specifically the Owner and Member roles of individual Teams, something not directly reflected in SharePoint. The Access Library connector for Microsoft Teams will display an inventory of all of the Teams in an Office 365 Tenant as well as the Owner(s) and Member(s) of each one!
Salesforce Libraries
Salesforce is an interesting repository – as a Customer Relationship Management (CRM) platform, most of the content in Salesforce ends up being closer to structured or semi-structured data, as it retains customer information in the form of custom objects in its databases. However, Salesforce does allow a repository of libraries in which to keep unstructured data – a repository where much of the sales and marketing organizations place their data, including sensitive data, to support easy access for the teams that need it most. The Access Library connector for Salesforce Libraries will inventory all Libraries within a Salesforce instance and report on which users in Salesforce can access which Libraries, and what rights they are granted on those Libraries.
Google Drive
As one of the earliest and most popular EFSS systems, Google Drive is included as part of the larger G Suite solution. For organizations that choose not to standardize on a Microsoft platform, Google is a very common alternative for email, content storage, and more. Due to its longevity in the space, it’s also one of the most common platforms that users adopt without the involvement of IT. The Access Library connector for Google Drive will display an inventory of all Google Drives for an organization, as well as all child folders and any file with unique permissions (for instance, if it has been shared out directly to an external user).
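The "unique permissions shared to an external user" case above is the one a reviewer of Drive permissions cares about most. The following is an added example, not StealthAUDIT or Access Library code, showing how such a check can be expressed over Drive permission records; it assumes the organisation's domain is example.com and uses constructed sample records in the shape of Drive API v3 Permission resources (type, role, emailAddress, domain, allowFileDiscovery).

```python
# Added example (not StealthAUDIT/Access Library code): flag Google Drive files whose
# permissions reach outside the organisation. Records are constructed here in the
# shape of Drive API v3 Permission resources (type/role/emailAddress/domain/allowFileDiscovery).
from collections import namedtuple

ORG_DOMAIN = "example.com"  # assumption: the organisation's primary Google domain

# Constructed sample: a slice of what files.list(fields="files(id,name,permissions)") returns
SAMPLE_FILES = [
    {"id": "f1", "name": "Q3 forecast.xlsx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"},
        {"type": "user", "role": "writer", "emailAddress": "bob@example.com"}]},
    {"id": "f2", "name": "Contractor SOW.docx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"},
        {"type": "user", "role": "reader", "emailAddress": "vendor@partner.net"}]},
    {"id": "f3", "name": "Pricing sheet.pdf", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "carol@example.com"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"id": "f4", "name": "Team notes", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "carol@example.com"},
        {"type": "domain", "role": "writer", "domain": "Example.com"}]},
]

Exposure = namedtuple("Exposure", "file_id name kind grantee role")

def classify(perm, org_domain):
    """Return an exposure kind if this permission reaches outside org_domain, else None."""
    ptype = perm.get("type")
    if ptype == "anyone":
        # allowFileDiscovery=True makes the file searchable, i.e. effectively public
        return "public" if perm.get("allowFileDiscovery") else "anyone_with_link"
    if ptype == "domain":
        return None if perm.get("domain", "").lower() == org_domain else "external_domain"
    if ptype in ("user", "group"):
        email = perm.get("emailAddress", "").lower()
        return None if email.endswith("@" + org_domain) else "external_user"
    return None  # unknown permission type: not counted as external here

def find_external_exposures(files, org_domain=ORG_DOMAIN):
    """Walk every file's permission list and collect the grants that leave the org."""
    found = []
    for f in files:
        for perm in f.get("permissions", []):
            kind = classify(perm, org_domain.lower())
            if kind:
                grantee = perm.get("emailAddress") or perm.get("domain") or "anyone"
                found.append(Exposure(f["id"], f["name"], kind, grantee, perm.get("role", "")))
    return found
```

Running `find_external_exposures(SAMPLE_FILES)` on the constructed data returns two records: f2 shared to vendor@partner.net and f3 open to anyone with the link, while f4's domain-wide grant is ignored because it is the organisation's own domain.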
Hyper-V
Virtual machines are not a traditional structured or unstructured data platform, but being able to visualize security on them is very important. The data on a VM may itself be well secured, but if an account can take an image of that VM, the risk to that content increases significantly. The Access Library connector for Hyper-V will display an inventory of all virtual machines on a host as well as all users who can access them, whether granted by a local group or directly.
VMware
Similar to Hyper-V, the intent is to be able to monitor and secure access to virtual machine images. The Access Library connector for VMware will display an inventory of all virtual machines associated with a host as well as all users assigned rights to access them, whether inherited from the host or granted directly.
MySQL and PostgreSQL
As two of the most popular structured data platforms in use right now, it’s important to understand the level of access users can have, including whether those permissions extend down to the database, table, or schema level. The Access Library connector for MySQL and the Access Library Module for PostgreSQL will display a list of all databases on a host, as well as the rights involved down to the schema level.
Office 365 Tenant Roles
When considering security, one area that many administrators overlook is fellow administrators. In Office 365, each service is compartmentalized in terms of the security model it uses, but at the tenant scope, different admins have the ability to grant permissions to different users across the services. If administrator roles cannot be controlled at the Office 365 tenant level, then controlling them on any other service becomes that much more difficult. The Access Library connector for Office 365 Tenant Roles will list all users and accounts granted some level of access at the tenant scope, as well as the associated roles and the security assigned to those roles.
Azure SQL
StealthAUDIT has offered a comprehensive solution for on-premises Microsoft SQL for some time. However, as the cloud becomes an increasingly popular home for structured data, many customers are switching over to Azure SQL databases. The Access Library connector for Azure SQL will inventory all SQL servers and databases associated with the Azure tenant and report back on the access granted to users, whether they come from Azure Active Directory or SQL Authentication.
Azure Resources (RBAC)
Azure contains a wide variety of resources as well as a convoluted security model for those resources. Each resource generally has its own form of security once you drill into it; an Azure VM, for example, has AD and local users inside it, while a completely different set of users controls the virtual machine itself. Visualizing this security can be challenging, frequently requiring a per-resource check on a per-account basis. The Access Library connector for Azure RBAC lists all subscriptions, resource groups, and resources in the associated Azure tenant, as well as a listing of all users granted access to those resources.
While the best part of the Access Library may be the fact it is free, the second best is how easily connectors can be created. We are constantly looking for feedback and collaboration on these Access Library connectors. If you have your own or plan to write your own, let us know! We can work with you to get your work shared with others who may be having the same challenges you are.
Looking forward to all of you out there seeing that StealthAUDIT can truly be the platform that connects all of your disparate platforms together!
As VP of Product Strategy at STEALTHbits, Ryan is responsible for the vision and strategy of their Data Access Governance solutions. Ryan has a tenure of thirteen years in the technology space across multiple different areas. Prior to joining STEALTHbits he most recently served as the Director of Product Management at Metalogix Software, helping to lead them to acquisition by Quest Software. He has also previously held positions in R&D, Presales Engineering, and Technical Support.